Hubris

As more and more details come out about this week’s security breakdown at Sony, one thing is becoming clear:  even if you think you’re safe, add a couple of more security layers.  Because you are not safe. 

According to the New York Times, the hackers made off with a database that included customer names, addresses, usernames, passwords and as many as 2.2 million credit card numbers.  Reuters is running a story that covers the number of class action lawsuits being filed on account of the breach.  The price Sony could eventually pay out in time, legal fees and lawyer costs are on the clock. 

Why? 

VentureBeat tracked down George Hotz, aka “GeoHot”, who recently settled a lawsuit with the company over hacking into the PlayStation 3’s hardware. While Sony may consider him as public enemy number one, Hotz relies that he had nothing to do with the attack.  Considering the fact that he recently settled with Sony rather than go through years of legal wrangling, (plus the fact Hotz’s main gig is hardware hacking, not database cracking), it would tend to exclude him from the line up.  But his reaction sums up what is going on nicely:

“The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea.”

And therein lies the point.   Companies feel it is easier to hire another lawyer rather than to fix the problem.  That the threat of lawsuits is a deterrent to hackers.  It isn’t.  You have a database with the names of customers and and their credit card numbers.  Threatening legal action with a room full of empty suits doesn’t matter, especially when the chance of catching the bad guys is slim. 

As Hotz points out, engaging the hacker community may be the best option.  Hackers are, for the most part, highly intelligent and creative people who are usually more than happy to point out the failures of your system. Make it a once a year game – give the money you would pay an overpriced lawyer to write nasty letters to the first person who can crack your system and show you where to fix it.  Admit you don’t have all the answers. 

After this fiasco, it might even be seen as a huge cost savings.

Fifty Million Dollars For This?

If I were a member of the Board of Directors for the New York Times, I would not be happy right now.  You see, according to Bloomberg, The NYT has spent up to that amount in building their digital subscription package that involves a paywall. 

But much to the Times‘ chagrin, it only took four lines of Javascript to get around the paywall.  Four lines of code, people.  That’s not a wall. That’s not even a speedbump.

The paywall is currently being used in Canada and is supposed to work by limiting readers to just 20 articles per month. Once that limit is reached, attempting to click on a story will generate a graphical overlay that covers up the text and solicits a subscription.

But as demonstrated by the Nieman Journalism Lab at Harvard University, simply right clicking the page behind the overlay and selecting “inspect element” in their web browser will reveal the story’s text.  Leave it to a smart developer to create NYTClean, as a lunchtime project, that show the contents as usual without the cruft. The Times has already taken action against a Twitter account that’s been using an exploit to freely share their stories on social media. And no word yet if they will follow suit here. The Times told Forbes blogger Jeff Bercovici yesterday,

“As we have said previously, as with any paid product, we expect that there will be some percentage of people who will find ways around our digital subscriptions. We will continue to monitor the situation but plan no changes to the programming or paywall structure in advance of our global launch on March 28th.”

Don’t expect to hear any news if the Times has fired their programmers over this.

My [Collapse]

Interesting chart in the Business Insider today detailing the fall of the house of MySpace.  The number of unique visitors has declined from 70 million in January 2010 to under 45 million in January 2011.  While 45 million uniques is an amount most anyone else out there would kill for, MySpace used to be one of the top ten stops on the internet.  It no longer is.  And it is the reason why News Corp is trying to sell it like yesterday’s sushi.

Today’s value is at between $50-200 million, according to MySpace’s own wiki page.  With a trend like the chart’s, look at the lower end.  Somewhere, Tom Freston is doing the “I Told You So” dance.  Freston was fired from Viacom for being outbid by News Corp for MySpace in the summer of 2005. Freston bid $506 million.  Murdoch bid $580 million.  The value at the time: an estimated $1.5 billion.  After MySpace was bought, mergers-and-acquisitions expert Tom Aulli of Soleil-Media Metrix said, “This is probably one of the best acquisitions ever.”

Sumner Redstone passed on buying Facebook a few weeks later, commenting, “We looked at it. The price is too high”

Sometimes the jokes write themselves.  But I digress.

Just why has MySpace imploded?  There are a number of reasons.  As I have said, when you base your business model on the tastes of those between twelve and twenty, you better be prepared to move fast or die.  This was MySpace back in 2005.  It was young and hip, like that party that you sometimes find yourself at where everyone is talking about bands you never heard of and looking at you like you’re from 1890 when you ask a question.  There were very few, if any, older adults using it.  It is something that Facebook overcame, as today, whole families use the Facebook to stay in touch with everyone and each other.  Facebook realized that being hip is signing your death warrant.

Design and user experience is another reason.  People complained.  MySpace looked the other way.  When they finally came up with a redesign, it was too little, too late.  As Richard Dunlop-Walters points out:

“Employing tricks like needless pagination, auto-refreshing (see Salon.com), misleading headlines, and the like is cheating. You didn’t earn those pageviews, you tricked people into giving them to you. And then you look at shit like popups, popunders, double underlined links, Snap previews, Tynt scripts, and so on, and it’s pretty clear how hostile it all is. It’s nothing but money-grabbing. If you’ve got it set up so bad that your readers are employing things like ad blockers and Safari’s Reader, you f*cked up. You did something wrong. You overestimated how much your readers are willing to tolerate.”

Which brings us down to the real reason why MySpace has fallen apart:  pure, unadulterated greed.  After the acquisition by News Corp, things became different at MySpace as the focus for its new owner was no longer on growth and improving the website. Instead, it became about News Corp proving that the acquisition had been profitable. The new focus of the company was on getting advertising (its sole revenue generator). And to an extent, it did work as MySpace inked a deal with Google where it was guaranteed $900 million for advertising exclusivity. After the Google deal was inked, came all the fun with advertising and the generally annoying BS on the site.  Rupert decided that the golden egg was more important than the goose that had laid it.

And now the train wreck can be yours for far less than $580 million.  Hey Sumner, wanna buy a Web 2.0 company?

Dirty Deeds Done Dirt Cheap

HBGary Federal.  It is a story about a scandal that has been bubbling under the surface for a little over a week, and just when you think that it has no more legs, something else comes to light.  And if the latest stories are any indication, this could blow up very quickly, now that the major news networks don’t have a revolution to focus on. 

For those unaware of what is going on, Aaron Barr, CEO of HBGary thought he had found out who certain members of the group Anonymous were.  He bragged about it, and started talking about unmasking the members. The FBI, the Director of National Intelligence, and the US military wanted to know, especially since Anonymous had generated DDOS attacks on Visa and Mastercard in the wake of the Wikileaks publication of State Department cables. 

And that, as they say, is when the fight started.

Within a day, Anonymous had managed to infiltrate HBGary Federal’s website and take it down. Anonymous got into HBGary Federal’s e-mail server, for which Barr was the admin, and compromised it, extracting over 40,000 e-mails and putting them up on The Pirate Bay, all after watching his communications for 30 hours, undetected. In an after-action IRC chat, Anonymous members bragged about how they had gone even further, deleting 1TB of HBGary backup data. 

They even claimed to have wiped Barr’s iPad remotely.

Ouch.

This could have been seen as yet another Anonymous/Entity skirmish, as Anonymous has had with that group that Tom Cruise is a part of, until people started reading the emails from HBGary Federal.  The emails reveal that it proposed services to clients like Hunton & Williams, a law firm working with Bank of America and the U.S. Chamber of Commerce, that included cyberattacks and misinformation campaigns, phishing emails and fake social networking profiles, pressuring journalists and intimidating the financial donors to clients’ enemies including WikiLeaks, unions and non-profits that opposed the Chamber. In a proposal, Barr suggested that HBGary Federal could work with two other security companies — Palantir and Berico Technologies — to launch cyberattacks, seed WikiLeaks with fake documents and dig up dirt on its supporters.

Now the story has two legs; the first being how a security company as resepcted as HBGary could allow even a skilled group of hackers to get in.  The story in ArsTechnica shows how HBGary fell back on all the stupid stuff we are told not to do, like using the same password for everything and not installing the current security patches available, for starters.  From the list of mistakes, it would be difficult for anyone to take them seriously going forward-a fatal hit for a security company. 

The second story, however is actually more significant as the emails shows not only HBGary, but their associated clients in a very bad light at a time when some of them were not looking too good to begin with.  Now if a story comes out about someone who is critical of the Chamber of Commerce, can it be believed?  If a story about Glenn Greenwald even sounds like a hit piece, it most likely is now.  In addition, the emails record that co-founder and renowned rootkit expert Greg Hoglund offered Farallon Research a completely new type of super-rootkit designed by HBGary and codenamed Magenta. Farallon‘s stated aim is to “connect advanced commercial technologies and the companies that develop them with the requirements of the U.S. government”. HBGary also developed trojans, rootkits and spyware with codenames such as Project C, Task Z, Task M and Task B – the latter with a dollar value in the hundreds of thousands – for defense contractor General Dynamics. 

Everyone is backing away from HBGary as Bank of America, the Chamber of Commerce, Palantir and Berico have all since released statements that say they’ve ended their relationship or never had a formal relationship with the company.  And there are many people out there who hope that this story ends soon.

However, some think that this is merely the tip of the iceberg.  It wouldn’t surprise me if this story became an Energizer bunny.

Let X=X

Oh yeah,

P.S.

I

I feel

Feel like

I am

in a burning building

and I’ve got to go…

Laurie Anderson:  Let X=X/It Tango

While Nokia CEO Stephen Elop did not intentionally channel the pre-eminent performance artist in his “burning platform’ memo to Nokia’s employees, it sure sounded like a great piece of performance art.   It was blunt, unblinking and correct in every way.  It was written to scare a complacent bureaucracy into action.  Hopefully it will accomplish what it set out to do. 

The points are simple.  He contends that Nokia failed to mobilize an adequate response to Apple’s launch of the iPhone. More to the point, he acknowledges that Nokia still hasn’t managed to create a product that rivals the iPhone user experience.  He notes that Android has only been out for two years and during that time has created a “gravitational force” , while during that same time, Nokia has only one product utilizing their top of the line platform, MeeGo.    In the mean time, low end smartphones from China  are taking the bottom half of Nokia’s market. 

Elop says that the company will unveil a “new strategy” on Friday with the aim of changing course. Although the specific details of the new plan aren’t known yet, there has been a great deal of speculation. It’s widely-believed that Elop is preparing to reorganize the company and replace many senior executives.  There is also the rumor of tying Nokia to the Microsoft Windows Phone 7.  That move is questionable, but not out of the range of possibility. 

The truth and the direction will come out on Friday.  Untl then, the platform is indeed burning and the real questions seem to be how far is the drop and how cold is the water below.

MyHalf: Fifty Percent Gone From MySpace

MySpace, once a major internet force, is down for the count.  According to reports, expect at least half the staff to be laid off on Tuesday.  Liz Gannes first reported the story back in December, but apparently the date has been set and the layoffs begin in earnest.  After the layoffs, the News Corp.-owned MySpace will turn its sights to sale options.

Reportedly, Yahoo! is in talks with the News Corp, which may prove interesting (and by interesting I mean lots of comic fodder), but mainly, the site is being shopped to private equity firms.

The moves were expected.  After all you don’t lose most of your best executives and expect to stay viable, especially when you decide to become the Etsy of bad music.  The writing was on the wall in November when MySpace announced a feature that delivers entertainment recommendations based on your Facebook profile information. The announcement essentially conceded that MySpace could no longer stand on its own as a social network.

If anything MySpace should be a lesson for many out there.  News Corp bought My Space at its peak with no clear idea as to what to do with it. Instead of improving and breaking new ground, the site went slowly sideways, allowing Facebook to overtake it. The rest is history. 

As for the future?  Selling to a private equity firm is tantamount to sending the horse to the glue factory.  Selling to Yahoo doesn’t make much sense.  But who knows?  Stranger things have happened. 

It’s A Festivus Miracle!

Today is Festivus. In accordance with tradition, I submit my 2010 Airing of Grievances. The following have disappointed me over the past year, in no particular order:

• Carol Bartz for still not figuring out what Yahoo is, $@#$#%#^^$%!!!!!!!!!!!. Of course no one else has either, but really, she is the head Hooligan, so she should have some idea.
• Steve Jobs for not allowing Chris Chang’s company to make a really cool action figure of him. Yeah I know, someone would put a mini Darth Vader helmet on it and then make a viral video which would piss him off to no end. But really, Steve, I promise I wouldn’t skewer you too much.
• Ray Ozzie for not gathering the Microsoft developers French revolution style and storming Ballmer’s office for cancelling Courier. Of course I get the fact that Ray didn’t want his breast exposed as in the painting. But still, it would have been awesome.
• Every single TV maker in the world. 3-D. Really? After all these years and the only thing you can offer as an advancement in 3-d technology is polarized glasses? Really?
• Google. Before rolling out Google TV, don’t you think it would have been a really keen idea to get the networks to buy into it?
• Apple. Ping. The less said, the better.
• Airlines that think that voice recognition is really cool. It isn’t. It’s annoying. I have to say the same thing five times before the system recognizes it, or else do my impression of Lillith from Frasier.
• The TSA. Come on guys, I’ve been looking for a real good grope, and nothing. Am I that undesirable? I feel cheated.
• People on Facebook who immediately are up in arms when a change is made to the system. There’s a life out there. Go get one.
• By that same token, Facebook. You know if you set everyone’s privacy to the highest and let them decide to open themselves up, you wouldn’t have so many people out there screaming. Just a thought.
• Apple again for pretending to be East Germany over losing an iPhone, complete with Stasi-like raids in the middle of the night.
• Steve Jobs again, this time for telling left handed people that the iPhone is perfect and they are not.
• Viacom, for still continuing with a lawsuit that has been thrown out of court once.
• Microsoft for allowing Kin to see the light of day.
• Telecom companies that have made a standard like 4G a marketing tool. When you do things like that, then we know you aren’t telling the truth about anything, OK?
• And finally, to politicians who decry Net Neutrality really loud. Please to note that those who cry the loudest are the ones who have received huge amounts of money from the telecom companies. I still think that our legislators need to wear NASCAR jumpsuits with patches of the companies and groups who have sponsor them. Now that would be transparency I could get behind.

Sorry Mark, But It’s Really “The Year of the Suck”

According to Time, Mark Zuckerberg is the Person of the Year.  Why not?  Facebook looks like it going to take over the earth.  The guy’s not even out of his twenties and there has been a Golden Globe nominated major motion picture made about him. It seems like everything Facebook touches right now succeeds. 

But I think that Time missed the boat, because I don’t think that this should be the Year of the Zuck, but because I think this should be the Year of the Suck.  As in Executives that are clearly making bad choices that are costing employees their jobs and still raking in the cash like it’s 1999.

And we have a nice group of them, starting off with the former head of HP, Mark Hurd, who made HP employees pine for the halcyon days of Carly Fiorina.  That takes talent.  Firing him over fudging his expense reports in connection with some shady hanky-panky with a former marketing contractor seemed cheap in some respects, but don’t cry for Marky Mark.  After all, HP’s board then gave him a severance package of forty to fifty million to make sure he wouldn’t sue them.  Then he turned around and was hired by Larry Ellison.  A classic example of failing upward.

Next on the list is Steve Ballmer.  Starts off the year touting tablets at CES.  What’s he doing this upcoming January?  Touting tablets at CES.  How many tablets have been released running Windows this past year?  Right.  It brings to mind the line about how  insanity is doing the same thing over and over and expecting a different outcome.   While Apple has taken the money and run, Steve cancelled development on Courier,  the one tablet concept that was different enough to have taken on the other Steve’s  iPad and won.  In the mean time, Microsoft released the Kin, a “smartphone” that was neither all that smart nor much of a phone.  Someone had the good sense to kill it about a month later.  Windows Phone 7 was then released, to a great yawning of the general public.  Not because it wasn’t good – it really is.  The fact is that somewhere along the line, Ballmer and company decided that bold was something that someone else did.  Which is one probable reason why Ray Ozzie finally said “forget this” and left. Right now Microsoft needs boldness.  But instead, Baldo gives it safe bureaucracy.  But hey, why should he care?  He’s getting paid a king’s ransom.

And where would the year be without Carol Bartz?  Laying off five percent of your staff a week before Christmas only epitomizes the tin ear that she has brought to Yahoo.  This only drives home the question “Why did Microsoft think it was a good deal to buy Yahoo in the first place?”  I mean, Jerry Yang was pretty bad, but Carol “the Swear Engine” Bartz seems to be bound and determined to make sure the next group that wants to lay down some coin for Yahoo will be getting it at fire sale prices.  As has been pointed out, Yahoo is sitting on what could easily be their salvation – Flickr – and yet Yahoo is acting as if it is a red headed step-child.  All this, and she’s getting paid 47.2 million this year.  Nice work, if you can get it.

And that’s only three.  When you throw in bank CEO’s that drove the world economy into a ditch, yet still feel they are deserving of muti-million dollar bonuses, “just because”, you really start to wonder.  Kudos to Mark and all the other corporate leaders that are successful in these times; it takes a lot.  But given these times, the spotlight should really have fallen on those who have made it that much worse.  And when I say “Having the spotlight fall on them”, I mean that.  Literally. 

What ‘Cha Gonna Do With All That Junk?

For the last twenty four hours or so, the internet has been awash in some fairly rabid anti-TSA sentiment. This has to do with John Tyner, a gentleman in San Diego who did not want to go through the backscatter machine. His alternative was to receive an “enhanced pat-down” search. That would have involved the screener touching Tyner’s genitals. This would never had been a blip on the radar, but Tyner refused to go any further with the procedures, captured the conversation with the TSA with his cell phone camera, posted it on the web and well, suddenly the question about scanners, pat-downs and the TSA is like a missing white female on the Nancy Grace show.

The full-body scans were implemented after an attempted bombing by Umar Farouk Abdulmutallab, the so-called underwear bomber, after he tried to hide explosives in his underwear. Obviously the material passed through the metal detectors handily. There are currently 385 scanning units in use at 68 airports. And they work, no doubt about that. Except, of course if there are explosives inside a bodily cavity, like a mouth or anus. But aside from that, there are plenty of questions concerning health and privacy.

First, about the health. No matter what you may call the process, we are talking about radiation. You know, like when you go to the dentist and the assistant goes to take an X-Ray of your mouth. Ever wonder why they put a lead shield on your chest and the assistant goes outside the room to take the picture of your teeth? It’s because continuous exposure is not good for you. Several researchers at the University of California at San Francisco have warned of the radiation risks concerning the backscatter machines. The airline’s pilot union had also expressed concerns, given that pilots would be subjected to excessive radiation. The Electronic Privacy Information Center filed a separate FOIA request last summer to obtain reports and other information the TSA used to determine the health effects of the devices before deploying them in airports. The civil liberties group announced on Tuesday that it was suing the agency to comply with the request. Consumer rights advocate Ralph Nader told reporters on a call on Tuesday that the technology has not been subjected to proper analysis to determine the health risks.

As for the privacy issue, the TSA has taken pains to tell the public that any images are not saved. There is one slight problem to that statement, however. While the images are not supposed to be saved, they can be. And because they can be saved, they will. Especially of those young women who should work for Hooters. Case in point: Gizmodo published 100 of the photographs saved by the Gen 2 millimeter wave scanner from Brijot Imaging Systems, Inc., obtained by a FOIA request after it was recently revealed that U.S. Marshals operating the machine in the Orlando, Florida courthouse had improperly – perhaps illegally – saved images of the scans of public servants and private citizens. Now if this should fall on the side of sheer stupidity or perverse delight, I would not rule out the former. After all, most of the see-through pictures are of your typical, overweight Florida lawyer. And I don’t know if there is that huge a market out there for Lawyer porn. I could be wrong, of course.

Which leave us with the issue of “enhanced pat downs”. Over the last few years, I have developed a rather jaundiced eye over anything the government claims is “enhanced”. And I side whole-heartedly with any parent out there forced to watch their child being groped in the name of national security. My question is what was wrong with the old “back of the hand” procedure? I’ve been patted down like that with no problems. Is using the palm of the hand that more effective? If so, where are the studies to back it up?

But even with all the internet rage, A USA Today/Gallup poll released last week said that 78 percent of air travelers approve of full-body scanners in airports and 84 percent believe the scanners would prevent explosives from being carried on a plane. Some 98 percent of passengers say they would rather have a full-body scan than a pat-down search. So I would not expect to see the scanners going away any time soon.

As for the pat-downs? The TSA has said there will be no change to the policy. Yet. I’m waiting for someone to start faking an orgasm loudly, like Meg Ryan in the lunch scene from “When Harry Met Sally“. Now that would be worth throwing on YouTube.

And chances are, that would change the procedure in record time.

Now Playing: Black Eyed Peas – Monkey Business – My Humps

Back To Basics for Digg

It wasn’t that long ago that Digg, the Social news aggregator was doing quite well.  The came August when all hell broke loose with the unveiling of a new version of the site.  Since that time it has been all down hill and fast for the company. 

How fast has the downhill run been? Today’s announcement of the departure of Chas Edwards, Digg’s chief revenue officer came hot on the heels of another announcement from CEO Matt Williams:

Unfortunately, to reach our goals, we have to take some difficult steps. The fact is our business has a burn rate that is too high. We must significantly cut our expenses to achieve profitability in 2011. We’ve considered all of the possible options for reduction, from salaries to fixed costs. The result is that, in addition to lowering many of our operational costs, I’ve made the decision to downsize our staff from 67 to 42 people.

Now that is a lot of staff to be dropped.  But Edward’s departure is telling.  After all, it was his group that was responsible for Digg’s ads that were popular with users.  The redesign did not have them, and, angering many.  And ads mean money.

While many features have been rolled back, it has not been enough to bring back Digg’s sizable audience yet; many left for Reddit, Digg’s main competitor, and have not looked back.  One of the biggest user complaints in recent weeks has been an increase in “spam” material on Digg’s front page from sites that held no interest to the community. Several sites reached the front page partly because whoever ran the sites corralled enough votes without moderators noticing. The submissions were eventually removed from the site.

But, while six weeks on the internet can seem like an eternity, it is still only six weeks.  And more time is what is needed at this point to see if the layoffs are going to work.  As Williams said, “We need to reset, in terms of strategy and get back in a start-up mode.”

Unfortunately, with Facebook, Twitter and Reddit filling the void, Time may not be the thing that is available. 

WordPress Tags: Digg, Failure, Business

Now Playing: David Lee Roth – Eat ‘Em and Smile – Tobacco Road